CVE-2024-43732

CVSS 3.1 Score 4.6 of 10 (medium)

Details

Published Dec 10, 2024
Updated: Dec 17, 2024
CWE ID 79

Summary

CVE-2024-43732 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and older. The issue allows an attacker to inject malicious code into a web application's client-side scripts, manipulating the DOM and executing arbitrary code in the context of the victim's browser. This can be exploited through user interaction, such as persuading a victim to click on a malicious link. The vulnerability poses a significant risk, as successful exploitation can lead to data theft, session hijacking, or even complete system takeover. To mitigate this risk, it is recommended that users upgrade to the latest version of Adobe Experience Manager as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Adobe Experience Manager

Affected Vendors

  • Adobe